Documentation

Next to the mandatory policies, procedures and records, there are 4 Mandatory Documents that need to be available and ready for the external audit certification: Management Review, Internal Audit Report, Scope of ISMS and Statement of Applicability

[1] Management Review 

Preparing Management Review is automated in Compleye Online, read on Management Review section step by step how and what to do. 

[2] Internal Audit 

Internal Audit is done by a third party and the final report is uploaded to the Internal Audit section of the Compleye Online together with the findings and approvals. Internal Audit procedure needs to be followed and documented as part of the mandatory Policies and Procedures, we have a template for Internal Audit Procedures provided to you under the section Templates.  

[3] Scope of ISMS

The main purpose of setting the ISMS (information security management system) scope is to define which information you intend to protect. Carefully define the scope as auditor will check if all the elements of the ISMS work well within your scope; he won’t check the components that are not included in your scope. 

[4] Statement of Applicability

It is very relevant document because it describes how you will implement your information security. Statement of Applicability shows which of the suggested 114 controls (security measures) from ISO27001 Annex A are applicable to your ISMS and how you have implemented them. You can use SoA template to create the overview and map the controls with evidence for applicable and implemented controls. 

You can add the document to this section by navigating to Add new and filling in the form. 

image-1652908968882.png

At  any point you can add new version of the document and have overview of previous versions as well as approvals and reviews. 

image-1652909313099.png

Was this article helpful?
0 out of 5 stars
5 Stars 0%
4 Stars 0%
3 Stars 0%
2 Stars 0%
1 Stars 0%
How can we improve this article?
Please submit the reason for your vote so that we can improve the article.